Topic 4, Scenario 4
Background
General Background
You are employed as a SharePoint administrator at ABC.com, who has its headquarters in Paris
and branches in Dallas, Los Angeles, and Manchester. ABC.com has acquired a minor company,
named Weyland Industries.
Technical Background
ABC.com has an Active Directory Domain Services (AD DS) domain, named ABC.com, which
includes an Active Directory Rights Management Services (AD RMS) server.
The ABC.com SharePoint environment contains a public site, an intranet site, a document portal,
and a My Site portal. The environment has two Windows Server 2012 servers that are configured
to have SharePoint services installed. Servers in the ABC.com domain make use of a third-party
file-level antivirus application. SharePoint databases in the ABC.com domain are hosted on
Microsoft SQL Server 2012 computers.
ABC.com intends to change the current SharePoint farm with a three-tier farm that has a firewall
configured between them. If it is not specifically defined, servers should be virtualized. ABC.com’s
headquarters has two servers that have no operating system installed. It also has two servers that
have Windows Server 2012 with Hyper-V installed. The Los Angeles office has a server that has
no operating system installed.
Active Directory is used to maintain and save ABC.com’s user accounts. Active Directory
synchronization is used by the My Site, and document portal SharePoint sites for obtaining user
and group membership data. New user profile data frequently requires in excess of a full day prior
to these new users being able to view it.
Weyland Industries has an AD DS domain, named weylandindustries.com, which includes a
single-server SharePoint environment.
Web Applications
The ABC.com domain will host a newly developed remote web application, named ABC1. This
new application should be able to make use of SharePoint resources located in the
weylandindustries.com domain. The management of ABC1 via Windows PowerShell should be
allowed for SharePoint administrators in the weylandindustries.com domain.
Technical Requirements
Complete access to the ABC.com domain’s internal SharePoint resources should be allowed for
Weyland Industries users. Resources in the weylandindustries.com domain should not, however,
be accessible to ABC.com users.
Documents pertaining to the merger should be barcoded, and secured against sharing.
Authenticated users accessing ABC1 should not be compelled to provide their credentials.
All SharePoint sites should be accessible to ABC.com domain users as soon as their Active
Directory account credentials are obtained.
The user’s personal site collection must automatically be eliminated at least a half a day after their
account is erased.
The antivirus application must not scan SharePoint directories.
The migration of the SharePoint environment should not allow application and database servers to
be accessed via the Internet. Database servers should be physical machines, which has Windows
Server 2012 installed and has direct access to storage. Furthermore, database servers should
only allow connections from the SharePoint servers, and should be configured for redundancy.
Database transaction logs should not be kept on-site, while SharePoint installation prerequisites
should not be installed online.
*********************************************************
Subsequent to upgrading the current farm, you are instructed to make sure that web servers are
able to interconnect with service applications as per the prerequisites.
To achieve this, you are preparing to configure the network firewalls to permit traffic via a certain
port.
Which of the following is the port you should use?
A.
Port 443.
B.
Port 563.
C.
Port 1024.
D.
Port 1433.
Explanation:
Plan security hardening for SharePoint 2013
http://technet.microsoft.com/en-us/library/cc262849(v=office.15).aspx